SKILupDay

DevOps Institute
Thanks everyone for joining! Be sure to join us for #DevSecOps SKILup Day next Thursday! https://devopsinstitute.com/devsecops-skilup-day/
SKILup Day: DevSecOps • DevOps Institute
This virtual SKILup Day will explore DevSecOps from a technical, process, and cultural point of view from some of the top DevSecOps experts and vendors.
Kristine Setschin
How well do your security and developers work together? Is it more like "hide the sharp instruments!" or like peanut butter and jelly? :-)
Marc Cluet #BLM
There might be some pointy knives at the beginning, but get them to talk, empathise #DevSecOps #DevOpsInstitute #SKILupDay
DevOps Institute
What are some learning resources you would recommend for #DevSecOps?
Helen Beal 🐝
The new DevSecOps Foundation course 2.0 - just released!
Vishnu Vasudevan
Information Security Training
Helen Beal 🐝
Also, we have a DevSecOps SKILbook being put together - stay tuned!
Helen Beal 🐝
Great question from @simonejomoore : "Why aren't we doing security drills?"
Helen Beal 🐝
Fits with @PlanetKristine 's question perfectly...
Vishnu Vasudevan
Because it always results in escalation and unnecessary visibility and at times resulting in job.
Marc Cluet #BLM
Drills should be done with everything, as fire departments deal with fires by drilling, you cannot expect any team to be able to deal with a threat if they have not practiced enough to be in control of the situation #DevSecOps #DevOpsInstitute #SKILupDay
Siddharth
Good to have your roof repaired when the sun is shining, but unfortunately that's the time when the people are least bothered. #DevSecops #DevOps
Vishnu Vasudevan
Ppl are scared, especially in the legacy environment, because before agile, devops, ppl were working in silo mode and if they open that Pandora's box that might even kill the business :)
Mark Peters
Wait, who's not doing security drills? Proper exercise is essential ops
Anshul Lalit
Indeed a good question, and most of the time it is a part of chaos engineering, so yeah, I consider that as a drill too.
Manny Varela
Ethical Hacking, Pen Testing, Risk Management and Disaster Recovery drills should be an ongoing thing.
Anshul Lalit
Aaron has a good post about it https://opensource.com/article/18/1/new-paradigm-c....
https://opensource.com/article/18/1/new-paradigm-cybersecurity#:~:text=Security%20Chaos%20Engineering%20is%20the,against%20malicious%20conditions%20in%20production
Security Chaos Engineering: A new paradigm for cybersecurity
We spend billions on cybersecurity, but data breaches continuously get bigger and more frequent. Let's try a fresh perspective.
DevOps Institute
What are the ways people can try and stay aware or ahead of new security threats? #DevSecOps
Jack Maher MSIS, PMP, DOL, CAL, SRE
Automation! There are many great sources of information, including very secure and free. Such as https://www.mitre.org/centers/national-security-an...

https://www.mitre.org/centers/national-security-and-engineering-center/who-we-are
National Security Engineering Center
Our sponsors turn to MITRE for excellence in technical areas such as sensors, electronics, digital systems, IT, and cybersecurity. These fields lie at the core of the NSEC's capabilities. But NSEC, like MITRE itself, is about more than technology. Ou...
Siddharth
Regular (mandatory) training. Interactive exercises by the organization on a regular basis. #DevSecOps #DevOps
Marc Cluet #BLM
Security is always a losing race; for me personally it's always a question of making it as difficult/slow as possible to be able to detect threats with enough time #DevSecOps #DevOpsInstitute #SKILupDay
Vishnu Vasudevan
Having a robust security policy and building an autonomous process that can bring visibility on the security issues that need to be addressed, and measuring the existing and new security issues in the organization.
felipe dueñas
Monitoring a threatening model all the time
Mark Peters
Use advanced solutions ahead of the next security threat. Rapid release and deploy with updated code
savinderpuri
If DevSecOps was a movie, what would it be?
Vishnu Vasudevan
Devops without security definitely a horror movie :)

savinderpuri
"When Harry Met Sally"
Anshul Lalit
Conjuring DevOps
felipe dueñas
What do you know about security ¡¡¡¡
Helen Beal 🐝
What Security Wants
savinderpuri
I know what you did (in the) last release!!
Kristine Setschin
What typically happens when there is a high criticality security incident at your organization?
Marc Cluet #BLM
It triggers a security incident that gets escalated to all the adequate teams to deal with it ASAP #DevSecOps #DevOpsInstitute #SKILupDay
savinderpuri
Panic. Zoom. Repeat.
Vishnu Vasudevan
All hands on deck. Fix it, get the root cause and make sure it is not repeated at any cost.
Helen Beal 🐝
And beat them up!
Jack Maher MSIS, PMP, DOL, CAL, SRE
@BealHelen nah, just career limit them and make their life miserable for a while... LOL, just kidding (mostly)
Siddharth
What does high critical definition mean to the employees? Impact, Urgency & Priority are then decided accordingly. #DevSecOps #DevOps
felipe dueñas
Most of the time, nobody knows what to do ....
Kristine Setschin
Do you see a sudden rise in PTOs? :-)
DevOps Institute
Security should be a minimum viable product (MVP) - discuss! #DevSecOps
Vishnu Vasudevan
to me it has to be at the maximum level for an organization or a product to grow. Without security no code should be moved to prod.
Marc Cluet #BLM
yes definitely, this way you understand from a product perspective what are the must have vs the nice to have #DevSecOps #DevOpsInstitute #SKILupDay
Helen Beal 🐝
Oof. No. Security is part and parcel of every long-lived product - any incremental change must have security NFRs and NFTs attached at the earliest opportunity. Automate it to make it easier to get the security test coverage you want.
felipe dueñas
Security MUST BE CONSIDERED when you define a MVP
savinderpuri
Nooopeess... it's critical and integral for *all* projects in 2020!
Vishnu Vasudevan
automation is key and also CISO should have leverage over any product that is being pushed to prod and have a direct relationship with the Engineering team to avoid security issues.
Manny Varela
No, critical from project conception.
Jack Maher MSIS, PMP, DOL, CAL, SRE
Agreed, and in most organizations there is policy that software isn't put into production without security review. This requires security reviews, and frequently a triage that determines whether or not the risk will be assumed, or responsibility abdicated.
Siddharth
Security should be PART of a minimum viable product (MVP). And be considered as a functional requirement rather than non-functional. #DevSecOps #DevOps